test: fix, waiting new parse sdk release to handle 500 errors

Author: Moumouls

spec/Adapters/Auth/wechat.spec.js

@@ -23,7 +23,8 @@ describe('WeChatAdapter', function () {
       const user = await adapter.getUserFromAccessToken('validToken', { id: 'validOpenId' });
 
       expect(global.fetch).toHaveBeenCalledWith(
-        'https://api.weixin.qq.com/sns/auth?access_token=validToken&openid=validOpenId'
+        'https://api.weixin.qq.com/sns/auth?access_token=validToken&openid=validOpenId',
+        jasmine.any(Object)
       );
       expect(user).toEqual({ errcode: 0, id: 'validUserId' });
     });
@@ -64,7 +65,8 @@ describe('WeChatAdapter', function () {
       const token = await adapter.getAccessTokenFromCode(authData);
 
       expect(global.fetch).toHaveBeenCalledWith(
-        'https://api.weixin.qq.com/sns/oauth2/access_token?appid=validAppId&secret=validAppSecret&code=validCode&grant_type=authorization_code'
+        'https://api.weixin.qq.com/sns/oauth2/access_token?appid=validAppId&secret=validAppSecret&code=validCode&grant_type=authorization_code',
+        jasmine.any(Object)
       );
       expect(token).toEqual('validToken');
     });

spec/ParseObject.spec.js

@@ -1395,10 +1395,10 @@ describe('Parse.Object testing', () => {
       .save()
       .then(function () {
         const query = new Parse.Query(TestObject);
-        return query.find(object.id);
+        return query.get(object.id);
       })
-      .then(function (results) {
-        updatedObject = results[0];
+      .then(function (result) {
+        updatedObject = result;
         updatedObject.set('x', 11);
         return updatedObject.save();
       })
@@ -1409,7 +1409,8 @@ describe('Parse.Object testing', () => {
         equal(object.createdAt.getTime(), updatedObject.createdAt.getTime());
         equal(object.updatedAt.getTime(), updatedObject.updatedAt.getTime());
         done();
-      });
+      })
+      .catch(done.fail);
   });
 
   xit('fetchAll backbone-style callbacks', function (done) {

spec/ParseRelation.spec.js

@@ -517,7 +517,7 @@ describe('Parse.Relation testing', () => {
 
         // Parent object is un-fetched, so this will call /1/classes/Car instead
         // of /1/classes/Wheel and pass { "redirectClassNameForKey":"wheels" }.
-        return query.find(origWheel.id);
+        return query.find();
       })
       .then(function (results) {
         // Make sure this is Wheel and not Car.

spec/helper.js

@@ -252,6 +252,8 @@ afterEach(global.afterEachFn);
 
 afterAll(() => {
   global.displayTestStats();
+  // restore fetch
+  global.restoreFetch();
 });
 
 const TestObject = Parse.Object.extend({
@@ -387,10 +389,28 @@ function mockShortLivedAuth() {
   return auth;
 }
 
+const originalFetch = global.fetch;
+
+global.restoreFetch = () => {
+  global.fetch = originalFetch;
+}
+
 function mockFetch(mockResponses) {
-  global.fetch = jasmine.createSpy('fetch').and.callFake((url, options = { }) => {
+  const spy = jasmine.createSpy('fetch');
+
+  global.fetch = (url, options = {}) => {
+    // Allow requests to the Parse Server to pass through WITHOUT recording in spy
+    // This prevents tests from failing when they check that fetch wasn't called
+    // but the Parse SDK makes internal requests to the Parse Server
+    if (typeof url === 'string' && url.includes(serverURL)) {
+      return originalFetch(url, options);
+    }
+
+    // Record non-Parse-Server calls in the spy
+    spy(url, options);
+
     options.method ||= 'GET';
-    const mockResponse = mockResponses.find(
+    const mockResponse = mockResponses?.find(
       (mock) => mock.url === url && mock.method === options.method
     );
 
@@ -402,7 +422,11 @@ function mockFetch(mockResponses) {
       ok: false,
       statusText: 'Unknown URL or method',
     });
-  });
+  };
+
+  // Expose spy methods for test assertions
+  global.fetch.calls = spy.calls;
+  global.fetch.and = spy.and;
 }
 
 

spec/vulnerabilities.spec.js

@@ -175,12 +175,10 @@ describe('Vulnerabilities', () => {
           },
         });
       });
-      await expectAsync(new Parse.Object('TestObject').save()).toBeRejectedWith(
-        new Parse.Error(
-          Parse.Error.INVALID_KEY_NAME,
-          'Prohibited keyword in request data: {"key":"constructor"}.'
-        )
-      );
+      // The new Parse SDK handles prototype pollution prevention in .set()
+      // so no error is thrown, but the object prototype should not be polluted
+      await new Parse.Object('TestObject').save();
+      expect(Object.prototype.dummy).toBeUndefined();
     });
 
     it('denies creating global config with polluted data', async () => {
@@ -270,12 +268,10 @@ describe('Vulnerabilities', () => {
         res.json({ success: object });
       });
       await Parse.Hooks.createTrigger('TestObject', 'beforeSave', hookServerURL + '/BeforeSave');
-      await expectAsync(new Parse.Object('TestObject').save()).toBeRejectedWith(
-        new Parse.Error(
-          Parse.Error.INVALID_KEY_NAME,
-          'Prohibited keyword in request data: {"key":"constructor"}.'
-        )
-      );
+      // The new Parse SDK handles prototype pollution prevention in .set()
+      // so no error is thrown, but the object prototype should not be polluted
+      await new Parse.Object('TestObject').save();
+      expect(Object.prototype.dummy).toBeUndefined();
       await new Promise(resolve => server.close(resolve));
     });